CVE-2025-14091

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions TrippWasTaken PHP-Guitar-Shop versions prior to 6ce0868889617c1975982aae6df8e49555d0d555

Description A weakness exists in TrippWasTaken PHP-Guitar-Shop. The issue is related to SQL injection within the Product Details Page component, specifically in the /product.php file. Manipulation of the ID argument can trigger the injection. This attack can be launched remotely. The exploit has been publicly released.

Recommendations Update TrippWasTaken PHP-Guitar-Shop to a version prior to 6ce0868889617c1975982aae6df8e49555d0d555.

Exploit

Fix

Special Elements Injection

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74CWE-89

Related Identifiers

CVE-2025-14091

Affected Products

Php-Guitar-Shop

CVE-2025-14091

Weakness Enumeration

Related Identifiers

Affected Products

References · 9